Job Description

Manager Notes:

• Fully remote role; HM flexible on timezones, doesn't have to be PST
• Degree not a dealbreaker for this role, but HM really needs someone with hands-on specific penetration testing experience
• Desired certifications listed in JD (GWAPT, OSCP, GPEN)
• 4+ years' experience in the IT field, 2+ years' experience specifically in penetration testing desired
• Top skills include the following:
  • Focus around web-application testing (BURP)
  • Strong written communication skills for writing up reports
• The main role of this position is to deep dive into web applications to see what can be hacked; whatever the ETW finds needs to be written up in a report and sent to the applicable team so they can fix the gaps in the system before any "bad guys" catch it.
• In the past, candidates with "bug bounty" experience have not worked out well, as the team needs someone with broader experience. Candidates who have this experience listed will not be prioritized.
• Team currently consists of 8 other testers; team works fairly independently
• HM will not entertain candidates who discuss "bad" hacking skills; it's imperative that candidates have strong ethical standards in this role
• 2, potentially 3 rounds of interviews
  • First round will be more behavioral-based with the HM, with a few softball technical questions included
  • Second round will be more technically focused and will be conducted with several other members of the team
• The hired individual will join the CIS ASM penetration testing team. Expectation of taking the details of an already scoped web application or API penetration test, perform the test, write and deliver a report of all findings and perform remediation validation upon request.

Job Description
The Penetration Tester is part of Corporate Information Security, Security Operations organization and participates in the attack surface management of global computing assets. The Penetration Tester is responsible for security testing of our technology, coordination with stakeholders regarding their findings and completion of day to day tasks associated with penetration test program.

Job Responsibilities

• Perform web application, API and network penetration testing within the designated scope and rules of engagement
• Provide technical guidance for remediation of findings, collaborating with other CIS teams as necessary
• Interface & support other CIS organizations such as Incident Response, Governance, Risk and Threat Intelligence as necessary

Qualifications

• 4+ years of IT professional experience, with 2+ years previous penetration testing or application security background
• Strong understanding of a variety of technical concepts such as: Application development, networking, systems administration, and information security practices
• Strong web application development, security flaw and remediation technical understanding
• Demonstrated experience with a variety of open source and commercial testing tools in areas such as web interception proxies, packet capture, debugging and API interaction.
• Strong verbal and written communication skills to clearly convey both technical
• Experience and knowledge of performing security tasks within AWS or Azure cloud environments
• Ability to develop strong working relationships with a variety of other enabling teams.
  Self-motivated and operates with a high sense of urgency and a high level of integrity.

Strongly Preferred

• Certifications such as GIAC Web Application Penetration Testing (GWAPT), Offensive Security Certified Professional (OSCP) or GIAC Penetration Testing (GPEN) are strongly preferred.
• Previous experience working in large scale environments with diverse technologies.
• Ability to automate technical tasks through use of APIs or scripting.

Job Tags

Similar Jobs